Documentation
¶
Index ¶
Constants ¶
View Source
const ( // EnvIdentityTLSEnabled is an environment variable that controls whether the X.509 // TLS STS API is enabled. By default, if not set, it is enabled. EnvIdentityTLSEnabled = "MINIO_IDENTITY_TLS_ENABLE" // EnvIdentityTLSSkipVerify is an environment variable that controls whether // MinIO verifies the client certificate present by the client // when requesting temp. credentials. // By default, MinIO always verify the client certificate. // // The client certificate verification should only be skipped // when debugging or testing a setup since it allows arbitrary // clients to obtain temp. credentials with arbitrary policy // permissions - including admin permissions. EnvIdentityTLSSkipVerify = "MINIO_IDENTITY_TLS_SKIP_VERIFY" )
Variables ¶
View Source
var DefaultKVS = config.KVS{ config.KV{ Key: skipVerify, Value: "off", }, }
DefaultKVS is the default K/V config system for the STS TLS API.
View Source
var Help = config.HelpKVS{ config.HelpKV{ Key: skipVerify, Description: `trust client certificates without verification (default: 'off')`, Optional: true, Type: "on|off", }, }
Help is the help and description for the STS API K/V configuration.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
Enabled bool `json:"enabled"`
// InsecureSkipVerify, if set to true, disables the client
// certificate verification. It should only be set for
// debugging or testing purposes.
InsecureSkipVerify bool `json:"skip_verify"`
}
Config contains the STS TLS configuration for generating temp. credentials and mapping client certificates to S3 policies.
Source Files
Click to show internal directories.
Click to hide internal directories.